VDB
CVE-2026-21859
CVE-2026-21859
PUBLISHED
CVSS 5.800000190734863 MEDIUM
Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability
EPSS 0.95% · 76.6th percentile
Risk Scores
CVSS v3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
EPSS Score
0.95%
76.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | axllent/mailpit | 0 |
| axllent | mailpit | < 1.28.1, 0 |
Timeline
- Mar 27, 2022 CrowdSec Sighting
- May 3, 2022 CrowdSec Sighting
- May 24, 2022 CrowdSec Sighting
- Jun 20, 2022 CrowdSec Sighting
- Aug 8, 2022 CrowdSec Sighting
- Aug 13, 2022 CrowdSec Sighting
- Sep 18, 2022 CrowdSec Sighting
- Sep 24, 2022 CrowdSec Sighting
- Oct 12, 2022 CrowdSec Sighting
- Oct 20, 2022 CrowdSec Sighting
- Nov 9, 2022 CrowdSec Sighting
- Nov 20, 2022 CrowdSec Sighting
References
- https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr url
- https://github.com/axllent/mailpit/commit/3b9b470c093b3d20b7d751722c1c24f3eed2e19d url
- https://nvd.nist.gov/vuln/detail/CVE-2026-21859 advisory
- https://github.com/axllent/mailpit package
- https://pkg.go.dev/vuln/GO-2026-4284 url